40 predictions for 2022 | TechBeacon

0
10
40 predictions for 2022 | TechBeacon

With 2022 just around the corner, IT professionals are wondering whether the new year will remain as challenging as this year and last. 

In a word, yes. CIOs will face a tricky juggling act, with talent retention and future-proofing key among them. Forrester predicts that cloud-first and platform-based architectures will be adopted, along with low-code/no-code solutions to reduce the need for advanced technical skills.

Other projects this coming year will include rationalization, AI deployment, sustainability and greening initiatives—featuring server virtualization and more efficient hardware and data centers—updated monitoring systems, modernization, augmented security, and changes in CIOs’ own roles. These are all topics TechBeacon will continue to look at over the coming year.

Below, several IT and tech leaders weigh in with their thoughts. But here’s a broader view, from Akinwumi A. Adesina, president of the African Development Bank Group: “It’s hard to predict in a situation wherein you have a virus that is just ravaging the place, but I think first and foremost, the area that we will see the most growth is the fintech sector,” he said. Everything is going to go back to digital, he said, and “that’s why investment in digital infrastructure, investment in data centers, investment in content creators is going to be very important.” He expects that countries, especially in Africa, “will invest more in not only digital economies, but digitizing their whole systems.”

With those observations in mind, and in no particular order, here are tech industry leaders’ predictions for DevOps, testing, enterprise IT, and security.

DevOps (including DevSecOps) and testing

Agile IT factories become app dev engines

“Foundations for future growth reside in the core systems, applications, teams and processes of today. Streamlining operations and delivery processes, using factory or value stream models, will further enhance existing agile or DevOps processes to instill greater efficiency and allow room for transformational change.”
Derek Britton, director of marketing communications and brand strategy, Micro Focus

Citizen development faces a reckoning

“Citizen development has been attempted for a decade now, and the industry is going to realize that delegating solution-building to power users has limits. The applications being produced are often too fragile to be shared beyond a few users, and when they succeed the amateur developer soon becomes a professional developer and changes careers. When it works, it’s beautiful, but companies will realize this is so rare that they can’t depend on it.”
Mike Fitzmaurice, vice president for North America and chief evangelist, Webcon

Agile alignment and democratization take over DevOps

“For organizations to fully take on DevOps in a hybrid work environment in 2022, integration technologies must align with agile software development. Citizen developers will be playing a larger role in this process in the coming year(s) and will need hybrid and multi-cloud infrastructures, continuous delivery, and platform-enabled ecosystems as a foundation. Visibility will be a challenge here as a multitude of teams and systems work to integrate and modernize with on-premises and multi-cloud systems in play.”
Subhash Ramachandran, vice president, product management, Software AG

Low-code approaches to DevOps gain traction

“Developers have been at the forefront of developing continuous integration and continuous delivery pipelines using a variety of scripting languages. The rise of low-code application development and integration tools and of standardized API interfaces will force developers to explore low-code pipeline authoring tools. Early-stage low-code DevOps approaches—including out-of-the-box templates and rudimentary graphical pipeline authoring tools—will be superseded by unified end-to-end graphical pipeline authoring tools.”
Sachin Gadre, vice president for product management, CloudBees

Shifting nonfunctional testing left finally becomes reality

“As end users’ expectations of digital apps continue to grow, DevOps teams will shift the nonfunctional quality requirements left, earlier in the pipeline, along with traditional functional testing. Testing types that include performance, security, and accessibility will be an equal quality requirement, like any other testing done within continuous integration jobs. For that to succeed, testing teams will need to automate and maintain nonfunctional tests as an ongoing practice, ensuring they are stable, can run at high scale, and be properly analyzed by developers.”
Eran Kinsbruner, chief evangelist of SAST and DevOps, senior director of product marketing, Perforce Software

Low-code and business modernization rule

“Digital transformation is still the name of the game when it comes to making businesses more modern. Organizations need to modernize their legacy systems to compete in today’s markets and comply with ever-changing regulations. Low-code platforms that allow organizations to build applications and automate decisions, processes, and more will be crucial. These organizations need to get better on two key fronts. First, they need to get better at capturing, configuring, processing, and maintaining data. Second, they need to improve their use of AI/ML to make and explain predictions that enhance their applications. In doing so, organizations will have a complete low-code strategy.”
Alan Young, chief product officer, InRule

Waterfall continues to refuse to die

“While commercial development efforts will continue to shift toward any of several methodologies based on continuous improvement, companies engaging with outside consultants will continue to demand fixed-price, fixed-term, one-and-done projects. It will keep waterfall on life support for the foreseeable future. I’m not proud to be saying this, but I’m not wrong, either.”
Mike Fitzmaurice, vice president for North America and chief evangelist, Webcon

Change for the sake of change abates

“IT and business leaders must prepare for a variety of circumstances in 2022, as user expectations and technological advancements evolve and DevOps democratization takes root. Businesses must realize that if low-code methods or on-premises systems are working, they mustn’t rush into change without the right approach. They need to test, iterate, integrate, and evolve strategies as they go through this year rather than rushing into a material change that won’t support long-term digital transformation.”
Subhash Ramachandran, vice president of product management, Software AG

DevSecOps is dead. Long live DevOps.

“Executive orders and tighter integration of security and compliance tools with the software delivery supply will result in the concept of DevSecOps, as a separate practice, dying a quiet death. Doing DevOps right means that security is an integral component of all stages of the process.”
Tim Johnson, director of product marketing, CloudBees

Enterprise IT

Telcos rise again

“With the continued rollout of 5G infrastructure and the supporting open networking approach, telcos are finding themselves in a unique position. At worst they’ll augment the cloud revolution, but at best they can challenge incumbent cloud providers for a share of the application hosting market. Telcos will start to develop more mature approaches to application hosting and leverage their massively distributed networks to deliver hosting options at the edge.”
Daniel Bartholomew, chief technology officer, Section

Digital transformation becomes more urgent than ever

“2022 will show an increased urgency among many enterprise organizations in accelerating their digital transformation strategy. The past 18 months have been a difficult lesson for many IT shops who haven’t yet fully shifted to a digital-first strategy. For large enterprises, with core business applications written in COBOL or running on the mainframe, we see even greater momentum toward cloud-based initiatives. We anticipate even larger workloads shifting to popular cloud provider platforms during the year, setting the stage for the next generation of core business application deployment and modernization.”
Ed Airey, product marketing director of COBOL solutions, Micro Focus

CI/CD becomes an IT requirement

“The Bill Gates memo in 2001 became the industry standard on designing and delivering complex software systems. Since then, IT teams and developers have fallen into habits of adopting ‘known’ technology systems. In 2022, we’ll see a shift toward more stability and standardization for continuous integration and continuous delivery (CI/CD). IT leaders have an opportunity to capitalize on this high-growth, high-valuation market to increase deployment activity and solve the ‘day two operations problem’.”
Danny Allan, chief technology officer, Veeam

Great IT talent becomes critical for process automation projects

“The heterogeneous landscape of legacy systems, humans, cloud services, and devices has become more complex almost daily. At the same time, the pressure to digitize and to automate increases, leaving organizations with little time to react. Today’s environment requires an agile mindset and great IT talent, which a lot of companies are currently lacking due to the talent shortage. In 2022, IT and business leaders must not only prioritize recruiting and talent acquisition efforts, but also establish a culture that lets their talent thrive or they risk falling behind.”
Bernd Ruecker, co-founder and chief technologist, Camunda

Everyone and everything are everywhere

“Saying hi to hybrid is nothing new, whether in terms of where apps and data reside or from where users choose to login. Accepting, adapting, and leveraging a many-to-many topology will cause IT leaders to rethink, remodel, and reinvest to support greater (and compliant) collaboration and cohesion between teams, applications, and customers.”
—Derek Britton, director of marketing communications and brand strategy, Micro Focus

A wave of companies tries to pivot to API-first strategies—and all fail quickly

“The API economy is booming, as evident by the flow of VC capital into API-first companies. Seeing this, traditional companies will try to make the pivot to offering APIs as a growth driver. Most will fail, as they’ve been built for sales-led growth instead of product-led growth. If product-led growth is not part of a company’s DNA, they are doomed from the start. This big pivot will lead to the downfall of many ‘bandwagon’ companies.”
Bernadette Nixon, CEO, Algolia

Security becomes less of a barrier to cloud migration

“The biggest hurdle to adoption in 2022 will be to rectify any misconceptions of the public cloud surrounding safety and security. The pandemic has taught us that cloud-based infrastructure is an important factor in moving to a remote workforce; due to this, we will continue to see more companies make the switch. However, opinions that public cloud may not be as secure as existing infrastructure will slow the adoption process. CSPs will need to work to combat these misconceptions and ensure that potential customers understand that the cloud is safe, effective and an essential component of digital transformation.”
John Schmottlach, senior vice president of delivery, Apps Associates

Use of containers at the edge continues to grow

“Last year, Gartner predicted that by 2022 more than 75% of global organizations will be running containerized applications in production, up from less than 30% in mid-2020. The use of containers at the edge will require more advanced support from edge platform providers to help ease deployment and ongoing operations.”
—Daniel Bartholomew, chief technology officer, Section

Edge, Kubernetes continue having their moment

“Public cloud has become the new normal, yet many enterprises still have their on-premises cloud structures requiring a hybrid environment. As we no longer have just one cloud, organizations will have to better focus on how to run their business around various environments without fail, while also solving the issue of critical data not being housed in a single place. This will bring a few technologies into focus in 2022.”
Avishai Sharlin, division president, Amdocs Technology

Automation carries on

“Organizations will continue to automate more and more of their business. This will impact both business and the workforce. Companies will take on more and expand their business as more and more repetitive tasks are automated. However, humans will still be needed. When processing a healthcare claim manually, the employee will need to handle data errors and inconsistencies in automated claims. These errors will typically consist of minor issues such as the wrong healthcare code number being used for a procedure. The employee must correct the error so that the claim can be automated and processed properly. Employees will be required to handle the tasks that require more intelligent thinking.”
—Alan Young, chief product officer, InRule

AI and automation replace software jobs

“The talent shortage will leave many jobs unfilled, making way for the advancement of artificial intelligence and automation to fill new roles. In 2022, we’ll see AI and automation capable of filling positions in hard-hit sectors like the finance, healthcare, legal, and software industries. These developments will mostly affect entry-level positions, like interns, making it harder for recent graduates entering the workforce to gain job experience in the future.”
—Danny Allan, chief technology officer, Veeam

2022: The year of the CIO

“The shift to remote work has increased the need for IT solutions across the board. This led to the importance of IT becoming very visible in 2021, and CIOs gained visibility and influence. This year, CIOs can leverage their position to set the stage for automation efforts, bringing them to the forefront of an organization’s business strategy. CIOs that prioritize automation efforts will quickly see the ROI, while organizations and CIOs who remain hesitant will fall behind.”
—Bernd Ruecker, co-founder and chief technologist, Camunda

The battle over build vs. buy comes to a head; neither wins

“As the Great Resignation continues, creating efficiencies will continue to be a top priority—especially for the tech teams facing increased pressure to innovate. If you wanted to build a brick home, you wouldn’t start by firing your own bricks. You’d buy them and use them to build your unique, custom home that fit your needs and wants. So why would you build your technology from scratch or buy an off-the-shelf product that’s not tailored to your needs? The question of build vs. buy for technology is a fallacy. Smart companies, instead, will buy building blocks—via API-first products to then build on to create their customer experiences.”
Jason McClelland, CMO, Algolia 

Security

Data breaches hit the hybrid world

“As companies accelerate toward a higher office-vs.-remote work ratio, initial access brokers will take advantage of the mobility and weaknesses in bring your own device endpoints to gain footholds and refresh credentials and PII data stores. As a result of this, multiple major breaches will be reported.”
Bob Rudis, chief security data scientist, Rapid7

‘Protected while connected’ becomes the new model

“Hybrid models and rapid change introduces risk and the largest of all remains security, with 2021 another illustration of the dire consequences of falling short of appropriate levels of cyber resilience. There will be no let-up of focus and interest in IT security, as new ways of working reveal new dangers across the enterprise, from remote users to new supply chains, from cloud to mainframe.”
Derek Britton, director of marketing communications and brand strategy, Micro Focus

AI detects and defends against attacks

“Recent years have seen an increase in IoT and critical infrastructure attacks. In response, however, the same AI techniques that have proven useful in other security domains like insider threat will prove to be successful for IoT and industrial control systems use cases. In particular, security AI will be critical in analyzing vast amounts of data that would be humanly impossible for a SOC team, detecting even very subtle changes in behavior that are indicative of an attack and statistically connecting the dots between many clues to pinpoint the one or two devices that are being infiltrated. Due to the volume of processing required, such IoT AI services will be cloud-only.”
Stephan Jou, CTO for security analytics, Interset, CyberRes

Open-source security becomes a top priority

“Greater awareness of the thousands of open-source libraries used in all software development will result in increased use of tools to scan for vulnerabilities in open-source software. Organizations with more open-source security awareness will keep up with the latest versions and patches, improving their overall security posture. Thanks to awareness, DevOps, and security tooling, in 2022 we’ll see an improvement in prevention and the growth of open-source tools, such as digital signing service to prevent supply chain attacks.”
Javier Perez, chief evangelist of open source software and API management, Perforce Software

Ransomware incidents continue to rise

“Throughout 2022, anticipate a continued increase in ransomware incidents. While international law enforcement has made some progress in tracking and interdicting cryptocurrency payments to the criminals, I do not anticipate that this will make a significant dent in overall ransomware volume. Criminals will launder proceeds from their ransomware activities via NFTs and virtual property in the metaverse.”
Brian Kime, vice president for intelligence strategy and advisory, ZeroFox

Ransomware evolves 

“We are now seeing ransomware converging with hacktivism, where companies are being hit with ransomware just due to the hacker’s perceptions of a business’s values, industry, or actions. In these situations, the hackers are not even requesting a ransom or offering to decrypt the data. We also see that ransomware gangs now have the funds to purchase zero-day vulnerabilities that used to only be accessible to nation-states. Ransomware-as-a-service will continue to make ransomware more accessible to a wider range of attackers while also paying company insiders to deploy ransomware at their place of employment. Nation-states are going to continue to invest heavily in compromising identities and using “live off the land” attacks that are very difficult to detect because they do not use malware but instead use native operating system features to carry out their attacks.”
– Heather Gantt-Evans, chief information security officer, SailPoint

Remote worker security risk persists

“2022 will not start with a mass return of employees to offices. Work-from-home and the hybrid-working model will remain the norm for most. Work computers, mobile phones, and other devices transitioning between environments significantly increases risk for security teams. I expect to see more targeted and sustained attacks toward individual employees using social engineering combined with payloads designed to cause maximum disruptions to operations. Despite policies on VPN connectivity, many are sharing unencrypted files and using work computers for personal use over insecure Wi-Fi.”
Danny O’Neill, director MDR security operations, Bitdefender

The concept of securing a perimeter ends

“CISOs will need to think strategically and implement borderless security based on a zero-trust architecture (ZTA). For business continuity, organizations must enable access of mission-critical assets to employees wherever they are located. Employees are probably accessing these resources from personal, shared devices and unsecured networks. As a result, CISOs need to redesign their security controls and identity and access management policies to reflect the shift to ZTAs. To this end, they must have full visibility into connected devices and the rapidly expanding endpoints in the enterprise.
Stan Wisseman, chief security strategist for North America, CyberRes

More (unsupervised) machine learning in the attack vector

“Attackers will use unsupervised machine learning to attack in an unmanned way. Algorithms will be self-capable of deciding the best course of action for an attack. These types of attacks will bring a ‘democratized’ way of attacking and will enable economies of scale in attacks.”
Ramsés Gallego, international chief technology officer, CyberRes

2022, the year of app sec

“2022 will be remembered as the year when a rising tide of organizations start leveraging application security as a business enabler. Traditionally, app sec is seen as an impediment, an arbitrary hurdle placed in the way of business progress. We’re passing a tipping point where organizations are realizing that app sec is inseparable from how we build, deploy, and run software.”
Jonathan Knudsen, senior security strategist, Synopsys Software Integrity Group

Remote access brings more cloud security investments

“I predict we will see a boom of companies expanding their offerings to include cybersecurity services and solutions to capitalize on the need to protect their cloud investments. Solutions like endpoint detection and response and extended detection and response are becoming a mandatory requirement for organizations, as these systems provide more than just antivirus protection. I believe we’ll see an increase in these types of offerings, especially as the office and home remain merged and as innovations like the metaverse, IoT, and cloud adoption continue to grow, bringing new potential threats along with them.”
Avishai Sharlin, division president, Amdocs Technology

Software bill of materials is a thing 

“The adoption of software bill of materials (SBOM) will be astonishingly fast in the United States toward the latter half of 2022 and herald a new era of better third-party risk management and overall organizational safety and resilience.”
Bob Rudis, chief security data scientist, Rapid7

Healthcare data becomes a bigger target

“Cyberattacks targeting the healthcare industry will increase, resulting in a bigger emphasis on protecting health-related data. This will take the shape in two ways, with the first protecting personal health records as they command a heavy price on the dark web. Secondly, as medical research and innovation continue to advance, so too will espionage and attempted theft of intellectual property. The ability to proactively monitor for and detect suspicious activity or behaviors and eliminate threats before they impact operations is critical.”
—Danny O’Neill, director MDR security operations, Bitdefender

Sensitive data protection happens in the cloud

“In the year ahead, cybersecurity awareness training remains essential to the prevention of a variety of cyberattacks for organizations of all shapes and sizes. This is an important way for businesses to prevent phishing attacks. As more and more organizations adopt cloud solutions, cloud security strategies will continue to mature in the months and years ahead. Automation and configuration are of utmost importance to maintain continuous sensitive data protection in the cloud.”
Amit Sharma, software security engineer, Synopsys Software Integrity Group

Cyber risk decreases by focusing on business-impacting data

“In the past couple of years, we saw a shift from prevention to detection and response capabilities as driven by the continued increase in sophistication of cyberattacks taking place. Going forward, organizations globally will pivot to prioritize their cyber investments on how to protect business-impacting data. Many cross-vertical, multinational companies continue to struggle to keep up with all the attacks negatively impacting their business operations. Truly gaining an understanding of the business impacting data across an organization, and then providing the means to continuously assess where this type of data is being introduced into the environment—whether it be cloud, SaaS solutions, core applications, third-party relationships, etc.—will allow for driving a more resilient approach to cybersecurity programs and minimizing risk for organizations as a whole.”
Rob Aragao, chief security strategist, CyberRes

New mantra: Trust nobody, verify everybody

“In recent years, there has been an uptick in API-based cyberattacks against enterprise web applications. Knowing this, organizations should invest in API security activities. We’re seeing a strategic radical initiative in the growth of zero trust. This model helps prevent data breaches by eliminating the concept of trust in their security posture. Trust nobody, verify everybody. Granular access controls for users, data, resources, etc. is one way of employing a zero-trust model.”
Amit Sharma, software security engineer, Synopsys Software Integrity Group

AI regulation forces disclosure from cybersecurity vendors and triggers certification

“Ongoing and emergent regulation from various countries and states around ethical and responsible AI—e.g., China, EU, Canada, etc.—will have an impact on all AI systems, including cybersecurity systems that incorporate AI and analytics. This will force disclosure and documentation to be provided from cybersecurity vendors. The increasing compliance environment around responsible and ethical AI will also trigger certification discussions, as the cybersecurity industry tries to wrestle with and align on the competing needs from different regional regulations.”
Stephan Jou, CTO security analytics, Interset, CyberRes

Keep learning

Go to Publisher: TechBeacon
Author: David Shephard